I have an ldap server who I connect to using `con = ldap.initialize(server)` and I bind to the server using `con.simple_bind_s(bind_dn, bind_password)`.
Now I want a authenticate a user using this ldap connection using his username and password which is different from the bind username and password. I searched a lot but didn't get any concrete answer.
Any help is appreciated.Thanks.
con.simple_bind_s(POST[bind_dn], POST[bind_password])
Can be used for both admin and users, something like this:
con.simple_bind_s(uid=1000,ou=people,o=org, password)
con.simple_bind_s(cn=Directory Manager, password)
In general, you can find ready to use modules in python that allow the management for users session using the same priciple, ceck this: https://turbogears.readthedocs.io/en/latest/cookbook/ldap-auth.html
Related
I am using the ldap3 library (https://ldap3.readthedocs.io/en/latest/) with Python and authenticating against LDAP
conn = Connection(server, user='CN=person,OU=Service Accounts,DC=mydc,DC=mydomain,DC=co,DC=uk', password='Password123', auto_bind=True)
The below works but only because I know the person value. How would I set this up so someone can authenticate using their mail or user ID e.g. forename.surname
At the moment they would need to use the dn form which of course no user will ever be likely to know
Thanks
Using this page https://ldap3.readthedocs.io/en/latest/tutorial_intro.html#logging-into-the-server
I got the following to work
from ldap3 import Server, Connection, ALL, NTLM
server = Server('ldap://my_ldap_server', get_info='ALL')
conn = Connection(server, user="mydomain\\user", password='Password123', authentication=NTLM)
conn.bind()
authenticated = conn.bound
print(authenticated)
conn.unbind()
At the moment they would need to use the dn form which of course no user will ever be likely to know
With standard LDAP directories, you're supposed to bind with the application's own account first, then perform a search for some attribute as the username (e.g. search Active Directory for sAMAccountName=theuser), and finally use the found entry's DN as the actual bind DN for password verification.
For Active Directory in particular, you can directly specify either the UPN theuser#ad.example.com or the legacy SAM account name EXAMPLE\theuser in place of the bind DN.
So, I have two servers:
1) Dev
2) Prod
I am using pymssql.connect() for connecting to a SQL database to which Dev\user has access. The problem is that Prod\user does not have access, but it is the same password to login to both servers, thus if I could do something like, on the "prod" server
user = input("user:")
pymssql.connect("select 2",server_db,user=user,password=None)
then I can hard type user=dev\user and still use the password from authentication, which does not work. If I set user=None, then automatically user and pw is from the authentication, but is it not possible to extract either of those?
I cannot type the password since it is a job which runs each night.
I am working on an email client powered by Django and IMAPClient library.
On the client-side, users have interface for associating their mailboxes (like test1#gmail.com, test2#gmail.com, etc...) with their accounts in my app . And the goal is to store credentials info so that the user has to go through the procedure of inserting password and host name (like imap.gmail.com) only once unless he deliverately logs out from an account.
The question is, where and how should the login/password/hostname data used for establishing IMAP connection be stored? Is it my server's DB? Or some sort of .ini files? I remember, reading a post about python/imap where they stored it in .ini files, but I can't find it now.
Currently, I store credentials and IMAP hostname info in my local db. Thus, in each view that needs to fetch info from IMAP server, I query my server db to get the data and After this, I initialize IMAPClient variable for establishing connection with the IMAP server. And I have a terrible feeling that this is junk code:
def show_mail(request, login):
user_email_info = UserEmailInfo.objects.get(user_id = request.user.id,
login = login)
HOST = user_email_info.host #'imap.gmail.com'
USERNAME = user_email_info.login
PASSWORD = user_email_info.psw
server = IMAPClient(HOST, use_uid=True, ssl=True)
server.login(USERNAME, PASSWORD)
P.S. I am not sure whether this question is related more to general python/Django rather than IMAP. So if I am missing something, please give a hint on this, I'll edit the question in a timely manner.
I am looking for a way to avoid storing / entering a password when attempting to connect to a Windows SharePoint site. I am using urllib2
The script functions correctly when I pass "user" and "password" as strings in the code below. I would rather leverage Windows Authentication to avoid having to store a password within the script.
import os
import urllib2
from ntlm import HTTPNtlmAuthHandler
user = '%s\%s' % ( os.environ["USERDOMAIN"], os.environ["USERNAME"] )
passman = urllib2.HTTPPasswordMgrWithDefaultRealm()
passman.add_password(None, server, user, password)
Is there something akin to using "Trusted Connection" in pyodbc:
cnxn = pyodbc.connect("""Driver={SQL Server};Server=Whatever;Database=Whatever;**Trusted_Connection=yes**""")
After lengthy searching, I have come up empty. I am grateful for any suggestions.
If storing a password works, then I'd recommend just storing the password. Try using Python's keyring module to do this. https://pypi.python.org/pypi/keyring
This will keep the credentials secure on whatever platform the user is using to connect.
Prior to the 1.7.6 dev server update, I was able to use /_ah/remote_api to upload test data to my dev server having to go through the authentication process by not entering a username and password (hitting return twice). Since the update, this now continuously asks for a username and password, regardless of what I put in - often says error incorrect username or password. I am currently targeting localhost:8080,
def auth_func():
return (raw_input('Username:'), getpass.getpass('Password:'))
remote_api_stub.ConfigureRemoteApi(None, '/_ah/remote_api', auth_func,
'localhost:8080')
though there are two new servers including the API server and the admin server. Has anyone else encountered this? if so, how did you fix it?
Thanks!
Jon
Apparently thanks to Tim - If you use the new dev_appserver then you need to sepecify a email like looking username and a single character as a password on the local development server in order for it to accept and move past the login stage.